Symantec Privileged Access Management

 View Only

 How can I change Session Record Server?

Kazuhisa Takazawa's profile image
Kazuhisa Takazawa posted Apr 10, 2022 10:40 PM
Our customer is using a server for Session Record but its utilization of disk is very high and connection is unstable.
So they are going to make new server for the Session Record.
1) They can understand needed disk size but they want to confirm required Hardware spec.(i.e. CPU core and memory size) for it.
Can anyone advise about it?
2) Please advise procedure of changing the storage of Session Record.
    Can the session record data can be moved to new storage? They can be displayed after moving without any changing of setting?
3) Is there any problem when they just change mount of the storage of Session Record in setting in PAM Client?

Thank you for kind help.
Joseph Fry's profile image
Broadcom Employee Joseph Fry

Please note that the recording mounts are independent and external to PAM, and therefore it is up to the customer to deploy and manage those with support from the vendor of whatever solution they chose.

1) In most cases the requirements for a dedicated NFS or CIFS file server are very minimal.  A couple of cores and enough RAM to run the OS (2-4GB) is generally enough.  As the customer has seen, its all about IO.  If this is a physical server, then ensure they are using a good NIC that doesn't offload anything to the CPU, and they will want to pay attention to the storage throughput (SSD > HDD, RAID > JBOD).  If its a virtual server, then make sure they are using a Paravirtualized NIC, such as the VMXNET3 adapter... it can sustain over 10GBps with virtually no resource impact.  You want to use a paravirtualized NIC for PAM virtual appliances too, the default e1000 emulated nic is very slow in comparison.  Also make sure that the file server used is physically and logically close to the PAM appliance; you want very low latency between PAM and the storage server.

2) Simply unmount the current server and update and mount the new one via Configuration > Logs > Session Recording > External Storage.  See:

3) Session recordings are done by the PAM appliance, the client does not directly access the recording server.  So there is no impact to the client.

You did not mention it.  However to preserve existing recordings, just copy all of the files from the old recording mount directory to the new one.  Again, this is external to PAM and they will need to figure out how to copy the files.